Apple Malware in 2015

June 18, 2015 by Gabe | [mmd] |

I think these three consecutive articles describe the current problem pretty well:

The original report from The Register

We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.

ArsTechnica has a terrific summary and demonstration videos:

Browsers and other Internet-connected apps often use the WebSocket protocol to interact with extensions or other apps. Malicious apps can capitalize on this usage by preemptively taking control of the Internet port a trusted app uses to send or receive data through the WebSocket channel.

The makers of 1Password for Mac and iOS have a pretty thorough breakdown of what's going on.

Since November 2014, we’ve been engaged in discussion with Li about what, if anything, we can do about such attacks. He and his team have been excellent at providing us with details and information upfront.

I hope Apple has been engaged in those discussions too. What a shit show.